Lucene search
K
GithubMost viewed

33122 matches found

Github Security Blog
Github Security Blog
added 2018/08/06 9:43 p.m.242 views

discordi.js is malware

The discordi.js package is malware that attempts to discover and exfiltrate a user's Discord credentials, sending them to pastebin. All versions have been unpublished from the npm registry. Recommendation Do not install / use this module. It has been unpublished from the npm registry but may exis...

7.3CVSS7AI score0.00749EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/16 2:34 p.m.240 views

Code Injection in md-to-pdf.

The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution RCE due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...

9.8CVSS5.4AI score0.05329EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/11 9:33 p.m.239 views

Puma used with Rails may lead to Information Exposure

Impact Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its CurrentAttributes implementation to work correctly. From Rails: Under certain circumstances response bodies will no...

8CVSS0.6AI score0.02124EPSS
Exploits0References14Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/08 3:10 a.m.239 views

PrestaShop autoupgrade module ZIP archives were vulnerable from CVE-2017-9841

Impact We have identified that some autoupgrade module ZIP archives have been built with phpunit dev dependencies. PHPUnit contains a php script that would allow, on a webserver, an attacker to perform a RCE. This vulnerability impacts - phpunit before 4.8.28 and 5.x before 5.6.3 as reported in...

9.8CVSS0.7AI score0.99999EPSS
Exploits19References3Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/18 7:24 p.m.239 views

Apache Struts vulnerable to remote command execution (RCE) due to improper input validation

Apache Struts contains a Remote Code Execution when using results with no namespace and it's upper actions have no or wildcard namespace. The same flaw exists when using a url tag with no value, action set, and it's upper actions have no or wildcard namespace...

9.3CVSS2.9AI score0.99993EPSS
Exploits41References27Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/07 9:58 p.m.239 views

Zend-Form vulnerable to Cross-site Scripting

Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...

5.8AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/07 3:30 a.m.238 views

Django bypasses validation when using one form field to upload multiple files

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField only the last uploaded file was validated. However,...

9.8CVSS6.5AI score0.0138EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2020/08/25 11:40 p.m.238 views

Sandbox Breakout / Arbitrary Code Execution in safe-eval

All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through Error objects. This may allow attackers to execute arbitrary code in the system. Evaluating the payload js function var ex = new Error...

9.8CVSS9.5AI score0.0143EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/05 10:9 p.m.238 views

Remote code execution in PHPMailer

Impact The mailSend function in the default isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property. Patches Fixed in 5.2.18 Workaround...

9.8CVSS3.9AI score0.99714EPSS
Exploits58References23Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/17 7:56 p.m.238 views

Remote code execution occurs in Apache Solr

Remote code execution occurs in Apache Solr before versions 5.5.5, 6.6.2 and 7.1.0 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...

9.8CVSS3.4AI score0.91896EPSS
Exploits11References30Affected Software1
Github Security Blog
Github Security Blog
added 2024/08/27 7:50 p.m.237 views

Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS

Summary We discovered a DOM Clobbering vulnerability in Webpack’s AutoPublicPathRuntimeModule. The DOM Clobbering gadget in the module can lead to cross-site scripting XSS in web pages where scriptless attacker-controlled HTML elements e.g., an img tag with an unsanitized name attribute are...

6.4CVSS6.2AI score0.00897EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/21 6:55 p.m.237 views

HTTP Request Smuggling in Netty

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...

9.1CVSS0.9AI score0.08914EPSS
Exploits1References120Affected Software3
Github Security Blog
Github Security Blog
added 2023/07/10 7:8 p.m.236 views

sweetalert2 contains potentially undesirable behavior

sweetalert2 versions from 11.6.14 to before 11.22.4 have potentially undesirable behavior. The package outputs audio and/or video messages that do not pertain to the functionality of the package when run on specific tlds. This functionality is documented on the project's readme...

7AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/14 6:30 p.m.236 views

Guava vulnerable to insecure use of temporary directory

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files...

7.1CVSS6AI score0.00248EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/05 10:56 p.m.236 views

jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method

Summary Incomplete fix of CVE-2021-43306: An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...

7.5CVSS7.3AI score0.01562EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2018/11/09 5:44 p.m.236 views

Remote Memory Exposure in request

Affected versions of request will disclose local system memory to remote systems in certain circumstances. When a multipart request is made, and the type of body is number, then a buffer of that size will be allocated and sent to the remote server as the body. Proof of Concept js var request =...

7.1CVSS5.8AI score0.02625EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/07 3:58 p.m.234 views

XXE in PHPSpreadsheet's XLSX reader

Summary The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLSX sheets, Server files and sensitive information can be disclosed by...

7.5CVSS7.4AI score0.02859EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2018/07/18 6:28 p.m.234 views

Withdrawn Advisory: mariadb was malware

Withdrawn Advisory This advisory has been withdrawn because MariaDB now owns https://www.npmjs.com/package/mariadb and the package is no longer malicious. This link is maintained to preserve external references. Original Description The mariadb package is a piece of malware that steals environmen...

7.5CVSS7.6AI score0.01135EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/19 4:43 p.m.233 views

TaffyDB can allow access to any data items in the DB

TaffyDB allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. Taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properti...

7.5CVSS4.4AI score0.01877EPSS
Exploits1References4Affected Software2
Github Security Blog
Github Security Blog
added 2020/06/05 7:37 p.m.232 views

Use of insecure jQuery version in OctoberCMS

Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. Patches Issue has been patched in Build 466 v1.0.466 by applying the recommended patch from @jquery. Workarounds Apply...

6.9CVSS0.5AI score0.99019EPSS
Exploits7References4Affected Software2
Github Security Blog
Github Security Blog
added 2020/01/21 8:59 p.m.232 views

RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download RFD attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

8CVSS4.2AI score0.88077EPSS
Exploits2References47Affected Software2
Github Security Blog
Github Security Blog
added 2022/06/23 12:0 a.m.230 views

Log Injection in Apache Sling Commons Log and Apache Sling API

Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...

5.3CVSS5.8AI score0.0222EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/04 2:19 p.m.229 views

Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter

Summary Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is sent through an authenticated HTTP proxy, redirects are followed, and the redirected UR...

8.2CVSS5.8AI score0.00689EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/10 3:43 p.m.228 views

Cross-Site Request Forgery (CSRF) in FastAPI

Impact FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery CSRF attack. In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if...

8.2CVSS1.9AI score0.00772EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/15 8:36 p.m.228 views

Insecure Deserialization in Apache Commons Collection

Serialized-object interfaces in Java applications using the Apache Commons Collections ACC library may allow remote attackers to execute arbitrary commands via a crafted serialized Java object...

9.8CVSS8.1AI score0.18763EPSS
Exploits1References12Affected Software5
Github Security Blog
Github Security Blog
added 2022/02/11 11:27 p.m.227 views

containerd v1.2.x can be coerced into leaking credentials during image pull

Impact If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign layer”, the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 o...

6.1CVSS0.6AI score0.02209EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/07 4:7 p.m.227 views

QOS.ch Logback vulnerable to Deserialization of Untrusted Data

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. The RemoteStreamAppenderClient class in logback-classic and the SocketNode classes in logback-classic and logback-access allow data to be deserialized over a Java Socket,...

9.8CVSS9.2AI score0.07501EPSS
Exploits0References25Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/04 5:42 p.m.227 views

Object injection in PHPMailer/PHPMailer

Impact This is a reintroduction of an earlier issue CVE-2018-19296 by an unrelated bug fix in PHPMailer 6.1.8. An external file may be unexpectedly executable if it is used as a path to an attachment file via PHP's support for .phar files. Exploitation requires that an attacker is able to provide...

9.8CVSS9AI score0.03095EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/30 5:16 p.m.227 views

Prototype Pollution Protection Bypass in qs

Affected version of qs are vulnerable to Prototype Pollution because it is possible to bypass the protection. The qs.parse function fails to properly prevent an object's prototype to be altered when parsing arbitrary input. Input containing or may bypass the prototype pollution protection and alt...

7.5CVSS4.6AI score0.02395EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/16 10:35 p.m.227 views

Django Potential account hijack via password reset form

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address that is equal to an existing user's email address after case transformation of Unicode characters would allow an attacker to be sent a password reset token for the matched user...

9.8CVSS8.9AI score0.3481EPSS
Exploits7References17Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/07 5:20 p.m.227 views

PrestaShop module ps_facetedsearch might be vulnerable from CVE-2017-9841

Impact We have identified that some psfacetedsearch module ZIP archives have been built with phpunit dev dependencies. PHPUnit contains a php script that would allow, on a webserver, an attacker to perform a RCE. This vulnerability impacts - phpunit before 4.8.28 and 5.x before 5.6.3 as reported ...

9.8CVSS0.6AI score0.99999EPSS
Exploits19References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 6:44 p.m.226 views

Regular Expression Denial of Service in trim

All versions of package trim lower than 0.0.3 are vulnerable to Regular Expression Denial of Service ReDoS via trim...

7.5CVSS7.5AI score0.03732EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/29 4:32 p.m.226 views

Server-side Request Forgery (SSRF) via img tags in reportlab

All versions of package reportlab at time of writing are vulnerable to Server-side Request Forgery SSRF via img tags. In order to reduce risk, use trustedSchemes & trustedHosts see in Reportlab's documentation Steps to reproduce by Karan Bamal: 1. Download and install the latest package of...

6.5CVSS6.7AI score0.01487EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/07 12:1 a.m.226 views

Context isolation bypass via Promise in Electron

Impact Apps using contextIsolation are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Workarounds There are no app-side workarounds, you must update your...

6.8CVSS4.9AI score0.0081EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/02/11 8:42 p.m.224 views

SSRF in adminer

Impact Users of Adminer versions bundling all drivers e.g. adminer.php are affected. Patches Patched by ccd2374b, included in version 4.7.9. Workarounds Use a single driver version e.g. adminer-mysql.php. Protect access to Adminer also by other means, e.g. by HTTP password, IP address limiting or...

7.2CVSS2AI score0.90461EPSS
Exploits3References9Affected Software1
Github Security Blog
Github Security Blog
added 2019/01/04 7:9 p.m.224 views

XML External Entity Reference (XXE) in jackson-databind

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization...

9.8CVSS9.1AI score0.07524EPSS
Exploits0References34Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/04 6:30 a.m.223 views

is-url Inefficient Regular Expression Complexity vulnerability

A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is an unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2....

7.5CVSS3.6AI score0.00944EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/10 6:3 p.m.223 views

Prototype pollution in dojo

In affected versions of dojo NPM package, the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

7.7CVSS3.2AI score0.0399EPSS
Exploits1References13Affected Software1
Github Security Blog
Github Security Blog
added 2021/07/22 7:43 p.m.222 views

Privilege escalation: all users can access Admin-level API keys

Impact An error in the implementation of the limits service in 4.0.0 allows all authenticated users including contributors to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability. GhostPro has already been patched. Self-hosters are impacted ...

7.2CVSS6.8AI score0.01019EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 10:22 p.m.218 views

Improper Certificate Validation in node-sass

Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...

5.3CVSS5.8AI score0.0082EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/15 8:36 p.m.218 views

Insecure Deserialization in Apache Commons Beanutils

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean...

7.5CVSS3.6AI score0.28839EPSS
Exploits1References57Affected Software1
Github Security Blog
Github Security Blog
added 2022/07/18 12:0 a.m.217 views

WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection

The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles...

4.8CVSS1.2AI score0.00559EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.217 views

jquery-rails and jquery-ujs subject to Exposure of Sensitive Information

jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...

5CVSS6.3AI score0.04397EPSS
Exploits1References13Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/12 8:8 p.m.216 views

esbuild allows arbitrary file read when running the development server on Windows

Summary The development server contains a path traversal vulnerability on Windows when serving files from servedir. Due to the use of path.Clean which only normalizes forward-slash / separators instead of a Windows-aware path normalization function, it is possible to craft requests using...

5.6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/10/02 4:22 p.m.216 views

Android WebView Universal Cross-site Scripting

A universal cross-site scripting UXSS vulnerability, CVE-2020-6506 https://crbug.com/1083819, has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps whic...

6.5CVSS1.6AI score0.03819EPSS
Exploits0References19Affected Software1
Github Security Blog
Github Security Blog
added 2020/02/04 10:39 p.m.216 views

Improper Restriction of XML External Entity Reference in jackson-mapper-asl

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes...

7.5CVSS2.8AI score0.17044EPSS
Exploits0References73Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/12 8:8 p.m.215 views

Withdrawn Advisory: esbuild: Missing binary integrity verification in Deno module enables remote code execution via NPM_CONFIG_REGISTRY

Withdrawn Advisory This advisory has been withdrawn because the affected package was incorrectly identified and the actual affected package is not in a supported ecosystem. This link is maintained to preserve external references. Original Description Summary The esbuild Deno module lib/deno/mod.t...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/23 7:54 p.m.214 views

Administration Console authentication bypass in openfire xmppserver

An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact Openfire's administrative console the Admin Console, a web-based application, was found to be...

8.6CVSS7AI score0.99999EPSS
Exploits15References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/26 12:0 a.m.213 views

Cross-site Scripting in Keycloak

A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak version 15. The issue was fixed in version 17.0.0...

6.1CVSS2.7AI score0.37246EPSS
Exploits3References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/19 11:2 p.m.213 views

Insecure deserialization in Wire

Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializer to create any...

9.1CVSS0.9AI score0.01584EPSS
Exploits1References4Affected Software1
Total number of security vulnerabilities5000